public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2008-10-22 18:01 UTC
  To: gentoo-commits

robbat2     08/10/22 18:01:42

  Modified:             glep-0058.txt
  Log:
  More RST validation fixes on tree-signing gleps.

Revision  Changes    Path
1.3                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.2&r2=1.3

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.2
retrieving revision 1.3
diff -p -w -b -B -u -u -r1.2 -r1.3
--- glep-0058.txt	22 Oct 2008 17:59:43 -0000	1.2
+++ glep-0058.txt	22 Oct 2008 18:01:42 -0000	1.3
@@ -1,7 +1,7 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.2 $
-Last-Modified: $Date: 2008/10/22 17:59:43 $
+Version: $Revision: 1.3 $
+Last-Modified: $Date: 2008/10/22 18:01:42 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track







* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2008-10-28  7:45 UTC
  To: gentoo-commits

robbat2     08/10/28 07:45:27

  Modified:             glep-0058.txt
  Log:
  Fix references to other GLEPs in the series and headers.

Revision  Changes    Path
1.4                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.3&r2=1.4

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.3
retrieving revision 1.4
diff -p -w -b -B -u -u -r1.3 -r1.4
--- glep-0058.txt	22 Oct 2008 18:01:42 -0000	1.3
+++ glep-0058.txt	28 Oct 2008 07:45:27 -0000	1.4
@@ -1,15 +1,15 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.3 $
-Last-Modified: $Date: 2008/10/22 18:01:42 $
+Version: $Revision: 1.4 $
+Last-Modified: $Date: 2008/10/28 07:45:27 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
 Content-Type: text/x-rst
-Requires: GLEP44, GLEP60
+Requires: 44, 60
 Created: October 2006
 Updated: November 2007, June 2008, July 2008, October 2008
-Post-History: ...
+Post-History:
 
 ========
 Abstract
@@ -90,10 +90,10 @@ Procedure for creating the MetaManifest 
       packages, local
    2. If a directory contains a Manifest file, extract all relevant local
       files from it (presently: AUX, MISC, EBUILD; but should follow the
-      evolution of Manifest2 entry types per [GLEPxx+5]), and place them
+      evolution of Manifest2 entry types per [#GLEP60]), and place them
       into the COVERED set.
    3. Recursively add every file in the directory to the ALL set,
-      pursusant to the exclusion list as mentioned in [GLEPxx+5].
+      pursusant to the exclusion list as mentioned in [#GLEP60].
 
 4. Produce a new set, UNCOVERED, as the set-difference (ALL)-(COVERED).
    This is every item that is not covered by another Manifest, or part
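
Review bot: The changed line in step 3.3 still reads "pursusant"; since the line is being edited anyway, correct it to "pursuant". The new `[#GLEP60]` markers in steps 3.2 and 3.3 also lack the trailing underscore, so reStructuredText will treat them as literal text rather than footnote references; the reference form is `[#GLEP60]_`.
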
@@ -118,7 +118,7 @@ Procedure for creating the MetaManifest 
    1. For the initial implementation, the same key as used for snapshot
       tarball signing is sufficient.
    2. For the future, the key used for fully automated signing by infra
-      should not be on the same keyring as developer keys. See [GLEPxx+3
+      should not be on the same keyring as developer keys. See [#GLEPxx+3
       for further notes].
 
 The above does not conflict the proposal contained in GLEP33, which
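
Review bot: In step 2 the closing bracket still sits after "notes", so the marker spans two lines as `[#GLEPxx+3 for further notes]`. Close the bracket directly after the label and move the sentence text outside it, for example "See [#GLEPxx+3] for further notes."
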
@@ -152,10 +152,10 @@ Procedure for verifying an item in the M
 In the following, I've used term 'M2-verify' to note following the hash
 verification procedures as defined by the Manifest2 format - which
 compromise checking the file length, and that the hashes match. Which
-filetypes may be ignored on missing is discussed in [GLEPxx+5].
+filetypes may be ignored on missing is discussed in [#GLEP60].
 
 1. Check the GnuPG signature on the MetaManifest against the keyring of
-   automated Gentoo keys. See [GLEPxx+3] for full details regarding
+   automated Gentoo keys. See [#GLEPxx+3] for full details regarding
    verification of GnuPG signatures. 
    1. Abort if the signature check fails.
 
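
Review bot: Step 1 of the verification procedure defers to `[#GLEPxx+3]` for "full details regarding verification of GnuPG signatures", but that label is still a placeholder, while `[GLEPxx+5]` in this same hunk was resolved to GLEP60. Mark the reference as pending in the text so a reader knows the signature verification details are not yet specified. The context line "which compromise checking the file length" should read "comprise".
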
@@ -211,7 +211,7 @@ users.
 --------------------------------------------
 MetaManifest and the new Manifest2 filetypes
 --------------------------------------------
-While [GLEPxx+5] describes the addition of new filetypes, these are NOT
+While [#GLEP60] describes the addition of new filetypes, these are NOT
 needed for implementation of the MetaManifest proposal. Without the new
 filetypes, all entries in the MetaManifest would be of type 'MISC'.
 







* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2010-01-13  0:57 UTC
  To: gentoo-commits

robbat2     10/01/13 00:57:49

  Modified:             glep-0058.txt
  Log:
  Note that first-level directory Manifests will be used to cut the size impact, not limited to per-category Manifests. Per suggestion by ulm.

Revision  Changes    Path
1.5                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.4&r2=1.5

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.4
retrieving revision 1.5
diff -p -w -b -B -u -u -r1.4 -r1.5
--- glep-0058.txt	28 Oct 2008 07:45:27 -0000	1.4
+++ glep-0058.txt	13 Jan 2010 00:57:49 -0000	1.5
@@ -1,15 +1,15 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.4 $
-Last-Modified: $Date: 2008/10/28 07:45:27 $
+Version: $Revision: 1.5 $
+Last-Modified: $Date: 2010/01/13 00:57:49 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
 Content-Type: text/x-rst
 Requires: 44, 60
 Created: October 2006
-Updated: November 2007, June 2008, July 2008, October 2008
-Post-History:
+Updated: November 2007, June 2008, July 2008, October 2008, January 2010
+Post-History: Decemeber 2009
 
 ========
 Abstract
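
Review bot: The added header line `Post-History: Decemeber 2009` misspells the month; it should be "December 2009".
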
@@ -126,10 +126,10 @@ restructure eclasses to include subdirec
 the Manifest rules above still provide indirect verification for all
 files after the GLEP33 restructuring if it comes to pass.
 
-If other Manifests are added (such as per-category, or protecting
-versioned eclases), the size of the MetaManifest will be greatly
-reduced, and this specification was written with such a possible future
-addition in mind.
+If other Manifests are added (such as per-category, per first-level
+directory, or protecting versioned eclases), the size of the
+MetaManifest will be greatly reduced, and this specification was written
+with such a possible future addition in mind.
 
 MetaManifest generation will take place as part of the existing process
 by infrastructure that takes the contents of CVS and prepares it for
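
Review bot: The re-wrapped paragraph carries "eclases" over onto the added line `directory, or protecting versioned eclases), the size of the`; it should be "eclasses".
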
@@ -246,12 +246,12 @@ MetaManifest size considerations
 --------------------------------
 With only two levels of Manifests (per-package and top-level), every
 rsync will cause a lot of traffic transfering the modified top-level
-MetaManifest. To reduce this, per-category Manifests are strongly
-recommended. Alternatively, if the distribution method efficently
-handles small patch-like changes in an existing file, using an
-uncompressed MetaManifest may be acceptable (this would primarily be
-distributed version control systems). Other suggestions in reducing this
-traffic are welcomed.
+MetaManifest. To reduce this, first-level directory Manifests are
+strongly recommended. Alternatively, if the distribution method
+efficently handles small patch-like changes in an existing file,
+using an uncompressed MetaManifest may be acceptable (this would
+primarily be distributed version control systems). Other suggestions
+in reducing this traffic are welcomed.
 
 =======================
 Backwards Compatibility
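
Review bot: "first-level directory Manifests" replaces "per-category Manifests" in this paragraph, but the paragraph changed at line 126 of the same commit lists "per-category" and "per first-level directory" as separate cases. State once whether category directories are the first-level directories meant, and use the same term in both places. The added line `efficently handles small patch-like changes in an existing file,` keeps the misspelling; it should be "efficiently", and "transfering" in the context line above should be "transferring".
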







* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2010-01-31  7:53 UTC
  To: gentoo-commits

robbat2     10/01/31 07:53:30

  Modified:             glep-0058.txt
  Log:
  Revise GLEP58 per Calchan questions: Additional levels of Manifests are no longer optional; Clarifications added to creation process;

Revision  Changes    Path
1.7                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.7&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.7&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.6&r2=1.7

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.6
retrieving revision 1.7
diff -p -w -b -B -u -u -r1.6 -r1.7
--- glep-0058.txt	13 Jan 2010 03:26:53 -0000	1.6
+++ glep-0058.txt	31 Jan 2010 07:53:30 -0000	1.7
@@ -1,7 +1,7 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.6 $
-Last-Modified: $Date: 2010/01/13 03:26:53 $
+Version: $Revision: 1.7 $
+Last-Modified: $Date: 2010/01/31 07:53:30 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -9,7 +9,7 @@ Content-Type: text/x-rst
 Requires: 44, 60
 Created: October 2006
 Updated: November 2007, June 2008, July 2008, October 2008, January 2010
-Post-History: December 2009
+Post-History: December 2009, January 2010
 
 ========
 Abstract
@@ -75,19 +75,27 @@ located at the root of a repository.
 ---------------------------------------------
 Procedure for creating the MetaManifest file:
 ---------------------------------------------
+Summary:
+========
+The objective of creating the MetaManifest file(s) is to ensure that
+every single file in the tree occurs in at least one Manifest.
+
+Process:
+========
 1. Start at the root of the Gentoo Portage tree (gentoo-x86, although
    this procedure applies to overlays as well).
 
 2. Initialize two unordered sets: COVERED, ALL.
 
-   1. 'ALL' will contain every file in the tree.
-   2. 'COVERED' will contain every file that is mentioned in an existing
-      Manifest2.
+   1. 'ALL' shall contain every file that exists in the present tree.
+   2. 'COVERED' shall contain EVERY file that is mentioned in an existing
+      Manifest2. If a file is mentioned in a Manifest2, but does not
+      exist, it must still be included. No files should be excluded.
 
 3. Traverse the tree, depth-first.
 
    1. At the top level only, ignore the following directories: distfiles,
-      packages, local
+      packages, local.
    2. If a directory contains a Manifest file, extract all relevant local
       files from it (presently: AUX, MISC, EBUILD; but should follow the
       evolution of Manifest2 entry types per [#GLEP60]), and place them
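
Review bot: The new definition of COVERED in step 2.2 ("EVERY file that is mentioned in an existing Manifest2 ... No files should be excluded") conflicts with step 3.2, which extracts only the relevant local entry types (presently AUX, MISC, EBUILD). Reword 2.2 so it says COVERED holds every entry of those local types, otherwise an implementer may add other entry types to the set. The added sentence about files that are listed but do not exist also needs a stated purpose: UNCOVERED is defined as (ALL)-(COVERED) and ALL holds only files that exist in the present tree, so such entries cannot change UNCOVERED.
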
@@ -121,21 +129,25 @@ Procedure for creating the MetaManifest 
       should not be on the same keyring as developer keys. See [#GLEPxx+3
       for further notes].
 
+Notes:
+======
 The above does not conflict the proposal contained in GLEP33, which
 restructure eclasses to include subdirectories and Manifest files, as
 the Manifest rules above still provide indirect verification for all
 files after the GLEP33 restructuring if it comes to pass.
 
-If other Manifests are added (such as per-category, per first-level
-directory, or protecting versioned eclasses), the size of the
-MetaManifest will be greatly reduced, and this specification was written
-with such a possible future addition in mind.
+Additional levels of Manifests are required, such as per-category, and
+in the eclasses, profiles and metadata directories. This ensures that a
+change to a singular file causes the smallest possible overall change in
+the Manifests as propagated. Creation of the additional levels of
+Manifests uses the same process as described above, simply starting at a
+different root point.
 
 MetaManifest generation will take place as part of the existing process
 by infrastructure that takes the contents of CVS and prepares it for
 distribution via rsync, which includes generating metadata. In-tree
-Manifest files are not checked at this point, as they are assumed to be
-correct.
+Manifest files are not validated at this point, as they are assumed to
+be correct.
 
 --------------------------------------------------------
 Verification of one or more items from the MetaManifest:
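
Review bot: "Additional levels of Manifests are required, such as per-category, and in the eclasses, profiles and metadata directories" makes the extra levels mandatory but introduces them with "such as", so the required set is open-ended. List exactly which directories must carry a Manifest, since a verifier needs to know which ones to expect. Separately, "not validated at this point, as they are assumed to be correct" means the COVERED set is taken from in-tree Manifests that were never checked against the files they name; say where in the process those Manifests are expected to be validated.
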
@@ -208,6 +220,14 @@ commit as they do presently, and the Met
 Infrastructure during the tree generation process, and distributed to
 users.
 
+Any scripts generating Manifests and the MetaManifest may find it useful
+to generate multiple levels of Manifests in parallel, and this is
+explicitly permitted, provided that every file in the tree is covered by
+at least one Manifest or the MetaManifest file. The uppermost
+Manifest (MetaManifest) is the only item that does not occur in any
+other Manifest file, but is instead GPG-signed to enable it's
+validation.
+
 --------------------------------------------
 MetaManifest and the new Manifest2 filetypes
 --------------------------------------------
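
Review bot: Permitting parallel generation needs an ordering constraint next to "explicitly permitted". The paragraph says the MetaManifest "is the only item that does not occur in any other Manifest file", so every lower-level Manifest is itself recorded in a higher-level one, and that entry can only be computed after the lower-level file has been written in its final form. Also, "to enable it's validation" should be "its validation".
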
@@ -247,11 +267,11 @@ MetaManifest size considerations
 With only two levels of Manifests (per-package and top-level), every
 rsync will cause a lot of traffic transferring the modified top-level
 MetaManifest. To reduce this, first-level directory Manifests are
-strongly recommended. Alternatively, if the distribution method
-efficiently handles small patch-like changes in an existing file,
-using an uncompressed MetaManifest may be acceptable (this would
-primarily be distributed version control systems). Other suggestions
-in reducing this traffic are welcomed.
+required. Alternatively, if the distribution method efficiently handles
+small patch-like changes in an existing file, using an uncompressed
+MetaManifest may be acceptable (this would primarily be distributed
+version control systems). Other suggestions in reducing this traffic are
+welcomed.
 
 =======================
 Backwards Compatibility
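
Review bot: With "strongly recommended" changed to "required", the sentence that follows, "Alternatively, if the distribution method efficiently handles small patch-like changes ...", no longer has anything to be an alternative to. Either drop it or reword it as an additional measure, so that a required item is not immediately followed by an opt-out.
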







* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/glep: glep-0058.txt
From: Robin H. Johnson (robbat2) @ 2010-04-07  6:35 UTC
  To: gentoo-commits

robbat2     10/04/07 06:35:16

  Modified:             glep-0058.txt
  Log:
  Fix formatting of citations and one in-text citation.

Revision  Changes    Path
1.9                  xml/htdocs/proj/en/glep/glep-0058.txt

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.9&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?rev=1.9&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt?r1=1.8&r2=1.9

Index: glep-0058.txt
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/glep/glep-0058.txt,v
retrieving revision 1.8
retrieving revision 1.9
diff -p -w -b -B -u -u -r1.8 -r1.9
--- glep-0058.txt	7 Feb 2010 16:24:17 -0000	1.8
+++ glep-0058.txt	7 Apr 2010 06:35:16 -0000	1.9
@@ -1,7 +1,7 @@
 GLEP: 58
 Title: Security of distribution of Gentoo software - Infrastructure to User distribution - MetaManifest
-Version: $Revision: 1.8 $
-Last-Modified: $Date: 2010/02/07 16:24:17 $
+Version: $Revision: 1.9 $
+Last-Modified: $Date: 2010/04/07 06:35:16 $
 Author: Robin Hugh Johnson <robbat2@gentoo.org>, 
 Status: Draft
 Type: Standards Track
@@ -126,8 +126,8 @@ Process:
    1. For the initial implementation, the same key as used for snapshot
       tarball signing is sufficient.
    2. For the future, the key used for fully automated signing by infra
-      should not be on the same keyring as developer keys. See [#GLEPxx+3
-      for further notes].
+      should not be on the same keyring as developer keys. See
+      [#GLEPxx+3] for further notes.
 
 Notes:
 ======
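
Review bot: The bracket in step 2 is now closed correctly, but `[#GLEPxx+3]` still has no trailing underscore, so it will not link to the `.. [#GLEPxx+3]` footnote that this commit defines in the References section. Use `[#GLEPxx+3]_` in the text.
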
@@ -298,14 +298,17 @@ I'd like to thank the following people f
 References
 ==========
 
-[C08a] Cappos, J et al. (2008). "Package Management Security".
+.. [C08a] Cappos, J et al. (2008). "Package Management Security".
     University of Arizona Technical Report TR08-02. Available online
     from: ftp://ftp.cs.arizona.edu/reports/2008/TR08-02.pdf
-[C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
+
+.. [C08b] Cappos, J et al. (2008). "Attacks on Package Managers"
     Available online at:
     http://www.cs.arizona.edu/people/justin/packagemanagersecurity/
-[#GLEPxx+2] Future GLEP on Developer Process security.
-[#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.
+
+.. [#GLEPxx+2] Future GLEP on Developer Process security.
+
+.. [#GLEPxx+3] Future GLEP on GnuPG Policies and Handling.
 
 =========
 Copyright
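
Review bot: The References block between the References and Copyright headings defines targets for C08a, C08b, GLEPxx+2 and GLEPxx+3 only. The context lines of r1.7 cite `[#GLEP60]` in the body, and there is no `.. [#GLEP60]` entry here; add one if that citation is still present in the text.
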





